EUVD-2026-9778

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through = 4.3.2...

EUVD-2026-9631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through = 1.9.8...

CVE-2026-28042

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through = 3.2.5...

CVE-2026-22440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree Thecs thecs allows Reflected XSS.This issue affects Thecs: from n/a through = 1.4.7...

CVE-2026-28130 WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through = 4.14.0...

CVE-2026-28109

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Reflected XSS.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through = 3.8...

CVE-2026-28075

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

CVE-2026-27375

CVE-2026-27375 is a Reflected Cross-Site Scripting (XSS) vulnerability in the JanStudio Gecko theme (WordPress Gecko gecko) affecting Gecko versions

CVE-2026-27352

CVE-2026-27352 affects ThemeGoods Starto (WordPress Starto theme). The vulnerability is a Reflected XSS due to improper input neutralization during web page generation. Affected versions are Starto from before 2.2.5 (i.e., impacted until 2.2.4). The CVSS 3.1 vector indicates Network attack, no pr...

changedetection.io has Reflected XSS in its RSS Tag Error Response

A reflected cross-site scripting XSS vulnerability was identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser...

WordPress DeepDigital theme <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DeepDigital versions = 1.0.2...

CVE-2026-24415 OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...

CVE-2026-3343

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

CVE-2026-1434

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

CVE-2025-11950 Reflected XSS in Knowhy's EduAsist

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS. This issue affects EduAsist: before v2.1...

CVE-2026-1434

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

CVE-2026-1434

Omega-PSIR is affected by a Reflected XSS vulnerability in the lang parameter. An attacker can craft a malicious URL that, when opened by a user, causes arbitrary JavaScript to execute in the victim’s browser. The issue has a fixed version: 4.6.7. The CVSS data indicates Network attack vector, lo...

CVE-2026-2679 Multiple vulnerabilities in A3factura software

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

CVE-2026-27948 Copyparty vulnerable to eflected cross-site scripting via setck parameter

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter ?setck=.... Version 1.20.9 fixes the issue...

PT-2026-22140

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...